On 12/27/12 14:24 -0600, Kyle(a)TheHarrisHome.com wrote:

Thank you for your response. I am using CentOS 6.3, OpenLDAP 2.4 and sssd
1.8 as the PAM module. Hope that helps as I still can't quite figure it
out, and thank you again.

You should see if sssd contains the logic to make use of the ppolicy
related attributes. If not, you should configure the appropriate
shadowAccount attributes instead.

From: Dan White [mailto:email@example.com]
Sent: Sunday, December 23, 2012 6:43 PM
To: Kyle Harris
Subject: Re: How to force password change upon account creation
On 12/23/12 17:33 -0600, Kyle Harris wrote:
>I have a Perl script that allows for the creation of new accounts in
>OpenLDAP. I am attempting to find a way to force the newly created
>user to change his or her password upon first login. I tried setting
>the attribute pwdMustChange to TRUE but that attribute must not be
>definable upon user creation. So, how can this be accomplished so that
>a new user is forced to change passwords after they first log on?

By 'log in' I assume you're asking about shell access to your system, which
makes use of an LDAP PAM module to authenticate users. If so, the function
of prompting users to change their password will be handled by that piece of
software, and you should consult the documentation distributed with it.
If that's not the case, please clarify your authentication scenario.